def process_login(): form = LoginForm() next_url = request.args.get('next') if form.validate_on_submit(): user_json = data_api_client.authenticate_user(form.email_address.data, form.password.data) if not user_json: current_app.logger.info( "login.fail: failed to log in {email_hash}", extra={'email_hash': hash_string(form.email_address.data)}) flash(NO_ACCOUNT_MESSAGE, "error") return render_template("auth/login.html", form=form, errors=get_errors_from_wtform(form), next=next_url), 403 user = User.from_json(user_json) login_user(user) current_app.logger.info("login.success: role={role} user={email_hash}", extra={ 'role': user.role, 'email_hash': hash_string(form.email_address.data) }) return redirect_logged_in_user(next_url) else: errors = get_errors_from_wtform(form) return render_template("auth/login.html", form=form, errors=errors, next=next_url), 400
def render_create_application(token, data=None, errors=None): data = data or {} try: token_data = decode_user_token(token.encode()) except InvalidToken: return render_template('errors/500.html', error_message='Account creation invitation invalid or expired') if not token_data.get('email_address'): abort(503, 'Invalid email address') user_json = data_api_client.get_user(email_address=token_data['email_address']) if not user_json: rendered_component = render_component( 'bundles/SellerRegistration/EnterPasswordWidget.js', { 'form_options': { 'errors': errors }, 'enterPasswordForm': dict(token_data.items() + data.items()), } ) return render_template( '_react.html', component=rendered_component ) user = User.from_json(user_json) return render_template( 'auth/create_user_error.html', data=token_data, user=user), 400
def process_login(): next_url = request.args.get('next') form = LoginForm(request.form) if form.validate(): user_json = data_api_client.authenticate_user(form.email_address.data, form.password.data) if not any( user_has_role(user_json, role) for role in ['assessor', 'admin', 'admin-ccs-category', 'admin-ccs-sourcing']): message = "login.fail: Failed to log in: %s" current_app.logger.info(message, form.email_address.data) flash('no_account', 'error') return render_template('login.html', form=form, next=next_url), 403 user = User.from_json(user_json) login_user(user) current_app.logger.info('login.success') if next_url and next_url.startswith('/admin'): return redirect(next_url) return redirect(url_for('.index')) else: return render_template('login.html', form=form), 400
def process_login(): form = auth_forms.LoginForm(request.form) next_url = request.args.get('next') if form.validate(): user_json = data_api_client.authenticate_user(form.email_address.data, form.password.data) if not user_json: current_app.logger.info( "login.fail: failed to sign in {email_hash}", extra={'email_hash': hash_email(form.email_address.data)}) flash("no_account", "error") return render_template_with_csrf("auth/login.html", status_code=403, form=form, next=next_url) user = User.from_json(user_json) login_user(user) current_app.logger.info('login.success: {user}', extra={'user': user_logging_string(user)}) check_terms_acceptance() return redirect_logged_in_user(next_url) else: return render_template_with_csrf("auth/login.html", status_code=400, form=form, next=next_url)
def process_login(): next_url = request.args.get('next') form = LoginForm() if form.validate_on_submit(): user_json = data_api_client.authenticate_user(form.email_address.data, form.password.data, supplier=False) if not user_has_role(user_json, 'admin'): message = "login.fail: Failed to log in: %s" current_app.logger.info(message, form.email_address.data) flash('no_account', 'error') return render_template( 'login.html', **get_template_data(form=form, next=next_url)), 403 user = User.from_json(user_json) login_user(user) if next_url and next_url.startswith('/admin'): return redirect(next_url) return redirect(url_for('.index')) else: return render_template('login.html', **get_template_data(form=form)), 400
def process_login(): form = LoginForm() next_url = request.args.get('next') template_data = main.config['BASE_TEMPLATE_DATA'] if form.validate_on_submit(): user_json = data_api_client.authenticate_user( form.email_address.data, form.password.data) if not user_has_role(user_json, 'supplier'): message = "login.fail: " \ "Failed to log in: %s" current_app.logger.info(message, form.email_address.data) flash("no_account", "error") return render_template( "auth/login.html", form=form, next=next_url, **template_data), 403 user = User.from_json(user_json) login_user(user) if next_url and next_url.startswith('/suppliers'): return redirect(next_url) return redirect(url_for('.dashboard')) else: return render_template( "auth/login.html", form=form, next=next_url, **template_data), 400
def create_user(encoded_token): form = CreateUserForm() token = decode_invitation_token(encoded_token, role='supplier') if token is None: current_app.logger.warning( "createuser.token_invalid: {encoded_token}", extra={'encoded_token': encoded_token}) return render_template( "auth/create_user_error.html", token=None), 400 user_json = data_api_client.get_user(email_address=token.get("email_address")) if not user_json: return render_template( "auth/create_user.html", form=form, email_address=token['email_address'], supplier_name=token['supplier_name'], token=encoded_token), 200 user = User.from_json(user_json) return render_template( "auth/create_user_error.html", token=token, user=user), 400
def process_login(): next_url = request.args.get('next') form = LoginForm(request.form) if form.validate(): user_json = data_api_client.authenticate_user( form.email_address.data, form.password.data ) if not any(user_has_role(user_json, role) for role in ['admin', 'admin-ccs-category', 'admin-ccs-sourcing']): message = "login.fail: Failed to log in: %s" current_app.logger.info(message, form.email_address.data) flash('no_account', 'error') return render_template( 'login.html', form=form, next=next_url ), 403 user = User.from_json(user_json) login_user(user) current_app.logger.info('login.success') if next_url and next_url.startswith('/admin'): return redirect(next_url) return redirect(url_for('.index')) else: return render_template( 'login.html', form=form ), 400
def process_login(): next_url = request.args.get('next') form = LoginForm() if form.validate_on_submit(): user_json = data_api_client.authenticate_user( form.email_address.data, form.password.data, supplier=False) if not user_has_role(user_json, 'admin'): message = "login.fail: Failed to log in: %s" current_app.logger.info(message, form.email_address.data) flash('no_account', 'error') return render_template( 'login.html', **get_template_data(form=form, next=next_url) ), 403 user = User.from_json(user_json) login_user(user) if next_url and next_url.startswith('/admin'): return redirect(next_url) return redirect(url_for('.index')) else: return render_template( 'login.html', **get_template_data(form=form) ), 400
def test_when_user_is_part_of_two_teams_has_permissions_when_team_id_is_given(): user = User.from_json({ "users": { "id": 123, "emailAddress": "*****@*****.**", "name": "name", "role": "buyer", "locked": False, "active": True, "teams": [{ "id": 1, "is_team_lead": False, "permissions": ['a'], "name": "team name 1", }, { "id": 2, "is_team_lead": False, "permissions": ['b'], "name": "team name 2", }, { "id": 3, "is_team_lead": True, "permissions": [], "name": "team name 3", }], 'termsAcceptedAt': '2016-01-01T01:00:00.0Z', } }) assert user.has_permission('a', 1) assert not user.has_permission('d', 1) assert user.has_permission('b', 2) assert not user.has_permission('d', 2) assert user.has_permission('c', 3)
def render_create_application(token, data=None, errors=None): data = data or {} try: token_data = decode_user_token(token.encode()) except InvalidToken: return render_template( 'errors/500.html', error_message='Account creation invitation invalid or expired') if not token_data.get('email_address'): abort(503, 'Invalid email address') user_json = data_api_client.get_user( email_address=token_data['email_address']) if not user_json: rendered_component = render_component( 'bundles/SellerRegistration/EnterPasswordWidget.js', { 'form_options': { 'errors': errors }, 'enterPasswordForm': dict(token_data.items() + data.items()), }) return render_template('_react.html', component=rendered_component) user = User.from_json(user_json) return render_template('auth/create_user_error.html', data=token_data, user=user), 400
def auto_buyer_login(): user_json = {"users": { 'id': 234, 'name': 'Buyer', 'emailAddress': '*****@*****.**', 'role': 'buyer' } } user = User.from_json(user_json) login_user(user) return "OK"
def auto_buyer_login(): user_json = {"users": { 'id': 234, 'name': 'Buyer', 'emailAddress': '*****@*****.**', 'role': 'buyer', 'termsAcceptedAt': datetime(2000, 1, 1).strftime(DATETIME_FORMAT), } } user = User.from_json(user_json) login_user(user) return "OK"
def auto_applicant_login(): user_json = {"users": { 'id': 234, 'name': 'Applicant', 'emailAddress': '*****@*****.**', 'role': 'applicant', 'termsAcceptedAt': datetime(2000, 1, 1).strftime(DATETIME_FORMAT), 'application': {'id': 1} } } user = User.from_json(user_json) login_user(user) return "OK"
def auto_login(): user_json = {"users": { 'id': 1234, 'emailAddress': '*****@*****.**', 'role': 'admin', 'locked': False, 'passwordChangedAt': '2015-01-01T00:00:00Z', 'active': True, 'name': 'tester' }} user = User.from_json(user_json) login_user(user) return "OK"
def auto_login(): user_json = {"users": { 'id': 123, 'supplier_name': 'Supplier Name', 'name': 'Name', 'emailAddress': '*****@*****.**', 'role': 'supplier', 'supplierId': 1234 } } user = User.from_json(user_json) login_user(user) return "OK"
def submit_create_buyer_account(token): try: data = decode_buyer_creation_token(token.encode()) except InvalidToken: return render_template_with_csrf('auth/create-buyer-user-error.html', status_code=400, token=None) form = auth_forms.CreateUserForm(request.form) email_address = data.get('emailAddress', None) if email_address is None: email_address = data.get('email_address', None) if not form.validate(): current_app.logger.warning( 'createbuyeruser.invalid: {form_errors}', extra={'form_errors': ', '.join(form.errors)}) return render_template_with_csrf('auth/create-user.html', status_code=400, form=form, email_address=email_address, token=token) try: user = data_api_client.create_user({ 'name': form.name.data, 'password': form.password.data, 'emailAddress': email_address, 'role': 'buyer' }) user = User.from_json(user) login_user(user) send_buyer_onboarding_email(form.name.data, email_address) except HTTPError as e: if e.status_code != 409: raise return render_template_with_csrf('auth/create-buyer-user-error.html', status_code=400, error=e.message, token=None) flash( 'Welcome to your buyer dashboard. \ This is where you can create and track the opportunities you publish in the Marketplace.', 'flag') return redirect_logged_in_user()
def auto_login(): user_json = {"users": { 'id': 123, 'supplier_name': 'Supplier Name', 'name': 'Name', 'emailAddress': '*****@*****.**', 'role': 'supplier', 'supplierCode': 1234, 'termsAcceptedAt': datetime(2000, 1, 1).strftime(DATETIME_FORMAT), } } user = User.from_json(user_json) login_user(user) return "OK"
def test_when_user_is_not_part_of_a_team(): user = User.from_json({ "users": { "id": 123, "emailAddress": "*****@*****.**", "name": "name", "role": "buyer", "locked": False, "active": True, "teams": [], 'termsAcceptedAt': '2016-01-01T01:00:00.0Z', } }) assert user.get_team() is None
def test_User_from_json_with_supplier_no_organisation_size(): supplier_user = User.from_json({'users': { 'id': 123, 'name': 'Name', 'role': 'supplier', 'emailAddress': '*****@*****.**', 'locked': False, 'active': True, 'supplier': { 'supplierId': 321, 'name': 'test supplier' }, "userResearchOptedIn": True }}) assert supplier_user.supplier_organisation_size is None
def test_User_from_json_with_supplier(): user = User.from_json( { "users": { "id": 123, "emailAddress": "*****@*****.**", "locked": False, "supplier": {"supplierId": 321, "name": "test supplier"}, } } ) assert user.id == 123 assert user.email_address == "*****@*****.**" assert user.supplier_id == 321 assert user.supplier_name == "test supplier"
def create_application(token): token_data = decode_user_token(token.encode()) form_data = from_response(request) fields = [('password', 10)] errors = validate_form_data(form_data, fields) if errors: return render_create_application(token, form_data, errors) id = token_data.get('id') create_app = not id if create_app: application = data_api_client.create_application({ 'status': 'saved', 'framework': 'digital-marketplace' }) id = application['application']['id'] user = data_api_client.create_user({ 'name': token_data['name'], 'password': form_data['password'], 'emailAddress': token_data['email_address'], 'role': 'applicant', 'application_id': id }) user = User.from_json(user) login_user(user) if create_app: notification_message = 'Application Id:{}\nBy: {} ({})'.format( id, token_data['name'], token_data['email_address']) notify_team('A new seller has started an application', notification_message) return redirect( url_for('main.render_application', id=id, step=('start' if create_app else 'submit')))
def test_user_research_not_opt_in(): user = User.from_json({'users': { 'id': 123, 'name': 'Name', 'role': 'supplier', 'emailAddress': '*****@*****.**', 'locked': False, 'active': True, 'supplier': { 'supplierId': 321, 'name': 'test supplier', 'organisationSize': 'micro' }, "userResearchOptedIn": False }}) assert not user.user_research_opted_in
def test_User_from_json(): user = User.from_json({'users': { 'id': 123, 'emailAddress': '*****@*****.**', 'locked': False, 'active': True, 'name': 'Name', 'role': 'admin', }}) assert user.id == 123 assert user.name == 'Name' assert user.role == 'admin' assert user.email_address == '*****@*****.**' assert not user.is_locked() assert user.is_active()
def create_user(encoded_token): token = decode_invitation_token(encoded_token) if token.get('error') == 'token_invalid': current_app.logger.warning("createuser.token_invalid: {encoded_token}", extra={'encoded_token': encoded_token}) # Replace this with a proper dedicated template. return render_error_page( status_code=400, error_message=INVALID_TOKEN_MESSAGE.format( support_email=current_app.config['SUPPORT_EMAIL_ADDRESS']), ) role = token["role"] if token.get('error') == 'token_expired': current_app.logger.warning("createuser.token_expired: {encoded_token}", extra={'encoded_token': encoded_token}) return render_template( "auth/create-user-error.html", error=None, support_email_address=current_app.config['SUPPORT_EMAIL_ADDRESS'], role=role, token=None, user=None), 400 form = CreateUserForm() user_json = data_api_client.get_user(email_address=token["email_address"]) if not user_json: return render_template("auth/create-user.html", email_address=token['email_address'], form=form, errors=get_errors_from_wtform(form), role=role, supplier_name=token.get('supplier_name'), token=encoded_token), 200 user = User.from_json(user_json) return render_template( "auth/create-user-error.html", error=None, support_email_address=current_app.config['SUPPORT_EMAIL_ADDRESS'], role=role, token=token, user=user), 400
def submit_create_user(encoded_token): form = CreateUserForm() token = decode_invitation_token(encoded_token) if token is None: current_app.logger.warning("createuser.token_invalid: {encoded_token}", extra={'encoded_token': encoded_token}) return render_template("auth/create_user_error.html", token=None), 400 else: if not form.validate_on_submit(): current_app.logger.warning( "createuser.invalid: {form_errors}", extra={'form_errors': ", ".join(form.errors)}) return render_template("auth/create_user.html", form=form, token=encoded_token, email_address=token['email_address'], supplier_name=token['supplier_name']), 400 try: user = data_api_client.create_user({ 'name': form.name.data, 'password': form.password.data, 'emailAddress': token['email_address'], 'role': 'supplier', 'supplierId': token['supplier_id'] }) user = User.from_json(user) login_user(user) except HTTPError as e: if e.status_code != 409: raise return render_template("auth/create_user_error.html", token=None), 400 flash('account-created', 'flag') return redirect(url_for('.dashboard'))
def test_User_from_json_without_supplier(): user = User.from_json({'users': { 'id': 123, 'name': 'Name', 'role': 'applicant', 'emailAddress': '*****@*****.**', 'locked': False, 'active': True, 'supplier': None, 'termsAcceptedAt': '2016-01-01T01:00:00.0Z', }}) assert user.id == 123 assert user.name == 'Name' assert user.role == 'applicant' assert user.email_address == '*****@*****.**' assert user.supplier_code is None assert user.supplier_name is None
def test_User_is_part_of_team(): user = User.from_json({ "users": { "id": 123, "emailAddress": "*****@*****.**", "name": "name", "role": "buyer", "locked": False, "active": True, "teams": [{ "permissions": [], "name": "team name", }], 'termsAcceptedAt': '2016-01-01T01:00:00.0Z', } }) assert user.is_part_of_team()
def process_login(): form = LoginForm() next_url = request.args.get('next') if form.validate_on_submit(): user_json = data_api_client.authenticate_user(form.email_address.data, form.password.data) if not user_json: current_app.logger.info( "login.fail: failed to log in {email_hash}", extra={'email_hash': hash_string(form.email_address.data)}) errors = govuk_errors({ "email_address": { "message": "Enter your email address", "input_name": "email_address", }, "password": { "message": "Enter your password", "input_name": "password", }, }) return render_template( "auth/login.html", form=form, errors=errors, error_summary_description_text=NO_ACCOUNT_MESSAGE, next=next_url), 403 user = User.from_json(user_json) login_user(user) current_app.logger.info("login.success: role={role} user={email_hash}", extra={ 'role': user.role, 'email_hash': hash_string(form.email_address.data) }) return redirect_logged_in_user(next_url) else: errors = get_errors_from_wtform(form) return render_template("auth/login.html", form=form, errors=errors, next=next_url), 400
def test_User_from_json_with_application(): user = User.from_json({'users': { 'id': 123, 'name': 'Name', 'role': 'applicant', 'emailAddress': '*****@*****.**', 'locked': False, 'active': True, 'application': { 'id': 5, }, 'termsAcceptedAt': '2016-01-01T01:00:00.0Z', }}) assert user.id == 123 assert user.name == 'Name' assert user.role == 'applicant' assert user.email_address == '*****@*****.**' assert user.application_id == 5
def test_User_from_json(): admin_user = User.from_json({'users': { 'id': 123, 'emailAddress': '*****@*****.**', 'locked': False, 'active': True, 'name': 'Name', 'role': 'admin', "userResearchOptedIn": True }}) assert admin_user.id == 123 assert admin_user.name == 'Name' assert admin_user.role == 'admin' assert admin_user.email_address == '*****@*****.**' assert not admin_user.is_locked() assert admin_user.is_active() assert admin_user.user_research_opted_in
def test_User_has_no_permission(): user = User.from_json({ "users": { "id": 123, "emailAddress": "*****@*****.**", "name": "name", "role": "buyer", "locked": False, "active": True, "teams": [{ "is_team_lead": False, "permissions": ['foo'], "name": "team name", }], 'termsAcceptedAt': '2016-01-01T01:00:00.0Z', } }) assert not user.has_permission('bar')
def submit_create_user(encoded_token): form = CreateUserForm() token = decode_invitation_token(encoded_token, role='supplier') if token is None: current_app.logger.warning("createuser.token_invalid: {encoded_token}", extra={'encoded_token': encoded_token}) return render_template( "auth/create_user_error.html", token=None), 400 else: if not form.validate_on_submit(): current_app.logger.warning( "createuser.invalid: {form_errors}", extra={'form_errors': ", ".join(form.errors)}) return render_template( "auth/create_user.html", form=form, token=encoded_token, email_address=token.get('email_address'), supplier_name=token.get('supplier_name')), 400 try: user = data_api_client.create_user({ 'name': form.name.data, 'password': form.password.data, 'emailAddress': token.get('email_address'), 'role': 'supplier', 'supplierId': token.get('supplier_id') }) user = User.from_json(user) login_user(user) except HTTPError as e: if e.status_code != 409: raise return render_template( "auth/create_user_error.html", token=None), 400 return redirect(url_for('.dashboard'))
def create_user(token): data = get_create_user_data(token) user_json = data_api_client.get_user(email_address=data['emailAddress']) if not user_json: form = CreateUserForm(name=data['name']) return render_template_with_csrf( 'auth/create_user.html', form=form, email_address=data['emailAddress'], supplier_name=data['supplierName'], token=token) user = User.from_json(user_json) return render_template( 'auth/create_user_error.html', data=data, user=user), 400
def test_when_user_is_part_of_one_team(): user = User.from_json({ "users": { "id": 123, "emailAddress": "*****@*****.**", "name": "name", "role": "buyer", "locked": False, "active": True, "teams": [{ "is_team_lead": True, "permissions": [], "name": "team name", }], 'termsAcceptedAt': '2016-01-01T01:00:00.0Z', } }) team = user.get_team() assert team['name'] == 'team name'
def test_User_from_json_with_supplier(): user = User.from_json({'users': { 'id': 123, 'name': 'Name', 'role': 'supplier', 'emailAddress': '*****@*****.**', 'locked': False, 'active': True, 'supplier': { 'supplierId': 321, 'name': 'test supplier', } }}) assert user.id == 123 assert user.name == 'Name' assert user.role == 'supplier' assert user.email_address == '*****@*****.**' assert user.supplier_id == 321 assert user.supplier_name == 'test supplier'
def submit_create_user(token): data = get_create_user_data(token) form = CreateUserForm(request.form) if not form.validate(): current_app.logger.warning( 'createuser.invalid: {form_errors}', extra={'form_errors': ', '.join(form.errors)}) return render_template( 'auth/create_user.html', form=form, token=token, email_address=data['emailAddress'], supplier_name=data['supplierName']), 400 if token == 'fake-token': return redirect('/') try: user = data_api_client.create_user({ 'name': form.name.data, 'password': form.password.data, 'emailAddress': data['emailAddress'], 'role': 'supplier', 'supplierCode': data['supplierCode'] }) user = User.from_json(user) login_user(user) except HTTPError as e: if e.status_code != 409: raise return render_template( 'auth/create_user_error.html', token=None), 400 flash('account-created', 'flag') return redirect(url_for('.dashboard'))
def create_application(token): token_data = decode_user_token(token.encode()) form_data = from_response(request) fields = [('password', 10)] errors = validate_form_data(form_data, fields) if errors: return render_create_application(token, form_data, errors) id = token_data.get('id') create_app = not id if create_app: application = data_api_client.create_application({'status': 'saved', 'framework': 'digital-marketplace'}) id = application['application']['id'] user = data_api_client.create_user({ 'name': token_data['name'], 'password': form_data['password'], 'emailAddress': token_data['email_address'], 'role': 'applicant', 'application_id': id }) user = User.from_json(user) login_user(user) if create_app: notification_message = 'Application Id:{}\nBy: {} ({})'.format( id, token_data['name'], token_data['email_address'] ) notify_team('A new seller has started an application', notification_message) return redirect(url_for('main.render_application', id=id, step=('start' if create_app else 'submit')))
def send_reset_password_email(): form = ResetPasswordForm() if form.validate_on_submit(): email_address = form.email_address.data user_json = data_api_client.get_user(email_address=email_address) if user_json is not None: user = User.from_json(user_json) # Send a password reset email with token email.send_password_email(user.id, user.email_address, user.locked) message = "login.reset-email.sent: " \ "Sending password reset email for supplier %d (%s)" current_app.logger.info(message, user.id, user.email_address) else: message = "login.reset-email.invalid-email: " \ "Password reset request for invalid supplier email %s" current_app.logger.info(message, email_address) flash('email_sent') return redirect(url_for('.request_password_reset')) else: template_data = main.config['BASE_TEMPLATE_DATA'] return render_template("auth/request-password-reset.html", form=form, **template_data), 400
def test_User_from_json(): user = User.from_json({"users": {"id": 123, "emailAddress": "*****@*****.**", "locked": False}}) assert user.id == 123 assert user.email_address == "*****@*****.**"
def load_user(user_id): user_json = data_api_client.get_user(user_id=int(user_id)) if user_json: return User.from_json(user_json)
def test_User_has_any_role(user_json): user = User.from_json(user_json) assert user.has_any_role('supplier', 'other') assert user.has_any_role('other', 'supplier') assert not user.has_any_role('other', 'admin')